The question arose sharply: how vulnerable is the DataView/DataDetail component from the point of view of security?
If I use the Condition Region component, which takes data from DataView/DataDetail, is it possible to replace this data with custom data on the client side instead of those that come from the server?
As a general rule, anything on the client side can be manipulated so you need to make sure you have the necessary validations on the server side.
I understand that. But if the Condition Region takes data directly from the server, this is a fairly safe solution. I’m wondering how much less secure the solution becomes if the data from the server gets into DataView/DataDetail first and only then into Condition Region.
I’m not sure I’m understanding you. The client side will send data to the server. That data will always be open to manipulation and will be whatever the client enters. If it’s a conditional region then the same rule applies.
DataView/DataDetail are no less secure. They can only work with what the server-side scripts provide to them.
I’m wondering if you’re trying to do something like filtering the data based on client-side filters and are afraid someone might change the filter to contain data that you’ve not already displayed on the page? eg. selecting information for a user where a select dropdown might contain users and you want to make sure they can’t select a user that’s not in the list? Yes, this can be done which is why the server-side scripts have to make sure any data returned is only what you want returned.
That’s what was important to me
The important thing to keep in mind is that the server-side scripts are the crucial part. They get data from the client and return data back to the client. If the client is using DataDetail then it can only work with what the server has provided to it.